retrive_secrects.py

import boto3
import json
import os
from cryptography.fernet import Fernet
from botocore.exceptions import NoCredentialsError, PartialCredentialsError
from dotenv import load_dotenv

# ✅ Load environment variables for AWS credentials
load_dotenv()

def get_secret(secret_name: str, region_name: str = "us-east-1"):
    """
    Retrieve and decrypt secret from AWS Secrets Manager.
    Loads AWS credentials from .env file.
    """

    try:
        # ✅ Explicit AWS session using .env credentials
        session = boto3.session.Session(
            aws_access_key_id=os.getenv("AWS_ACCESS_KEY_ID"),
            aws_secret_access_key=os.getenv("AWS_SECRET_ACCESS_KEY"),
            aws_session_token=os.getenv("AWS_SESSION_TOKEN")
        )

        client = session.client("secretsmanager", region_name=region_name)

        # Fetch the secret
        response = client.get_secret_value(SecretId=secret_name)

    except NoCredentialsError:
        print("❌ AWS credentials not available. Please check your .env file.")
        return None
    except PartialCredentialsError:
        print("❌ Incomplete AWS credentials found in .env.")
        return None
    except Exception as e:
        print(f"❌ Error retrieving secret: {e}")
        return None

    # ✅ Parse JSON from AWS Secrets Manager
    if "SecretString" not in response:
        print("❌ SecretString missing in response.")
        return None

    secret_dict = json.loads(response["SecretString"])

    # ✅ Retrieve Fernet key
    fernet_key = secret_dict.get("Fernet_Key")
    if not fernet_key:
        print("❌ Fernet_Key missing in secret.")
        return None

    cipher = Fernet(fernet_key)

    # ✅ Decrypt all fields
    decrypted_data = {}
    for key, value in secret_dict.items():
        if key == "Fernet_Key":
            decrypted_data[key] = value
        else:
            try:
                decrypted_data[key] = cipher.decrypt(value.encode()).decode()
            except Exception as e:
                decrypted_data[key] = f"⚠️ Failed to decrypt ({e})"

    # ✅ Extract individual variables
    CONNECTIONS_HOST = decrypted_data.get("CONNECTIONS_HOST", "")
    CONNECTIONS_DB = decrypted_data.get("CONNECTIONS_DB", "")
    CONNECTIONS_USER = decrypted_data.get("CONNECTIONS_USER", "")
    CONNECTIONS_PASS = decrypted_data.get("CONNECTIONS_PASS", "")
    OPENAI_API_KEY = decrypted_data.get("OPENAI_API_KEY", "")
    OPENAI_MODEL_NAME = decrypted_data.get("OPENAI_MODEL_NAME", "")
    OPENAI_MODEL_TURBO = decrypted_data.get("OPENAI_MODEL_TURBO", "")
    REDIS_HOST = decrypted_data.get("REDIS_HOST", "")
    REDIS_PORT = decrypted_data.get("REDIS_PORT", "")
    REDIS_DB = decrypted_data.get("REDIS_DB", "")
    REDIS_PASSWORD = decrypted_data.get("REDIS_PASSWORD", "")
    REDIS_USER = decrypted_data.get("REDIS_USER", "")
    REDIS_URL = decrypted_data.get("REDIS_URL", "")
    QDRANT_HOST = decrypted_data.get("QDRANT_HOST", "")
    QDRANT_PORT = decrypted_data.get("QDRANT_PORT", "")
    QDRANT_COLLECTION_NAME = decrypted_data.get("QDRANT_COLLECTION_NAME", "")
    QDRANT_URL = decrypted_data.get("QDRANT_URL", "")
    QDRANT_API_KEY = decrypted_data.get("QDRANT_API_KEY", "")

    return (
        decrypted_data,
        CONNECTIONS_HOST,
        CONNECTIONS_DB,
        CONNECTIONS_USER,
        CONNECTIONS_PASS,
        OPENAI_API_KEY,
        OPENAI_MODEL_NAME,
        OPENAI_MODEL_TURBO,
        REDIS_HOST,
        REDIS_PORT,
        REDIS_DB,
        REDIS_PASSWORD,
        REDIS_USER,
        QDRANT_HOST,
        QDRANT_PORT,
        QDRANT_COLLECTION_NAME,
        QDRANT_URL,
        QDRANT_API_KEY,
        REDIS_URL,
    )


# 👇 Runs automatically when imported (like old version)
secret_name = "Demo/MR/skeys"
region_name = "us-east-1"

secrets = get_secret(secret_name, region_name)

if secrets:
    (
        decrypted_data,
        CONNECTIONS_HOST,
        CONNECTIONS_DB,
        CONNECTIONS_USER,
        CONNECTIONS_PASS,
        OPENAI_API_KEY,
        OPENAI_MODEL_NAME,
        OPENAI_MODEL_TURBO,
        REDIS_HOST,
        REDIS_PORT,
        REDIS_DB,
        REDIS_PASSWORD,
        REDIS_USER,
        QDRANT_HOST,
        QDRANT_PORT,
        QDRANT_COLLECTION_NAME,
        QDRANT_URL,
        QDRANT_API_KEY,
        REDIS_URL,
    ) = secrets

    print("\n✅ Successfully retrieved and decrypted secret!\n")

#     print("🔐 All Decrypted Secret Values:")
#     for key, val in decrypted_data.items():
#         print(f"  {key}: {val}")

#     print("\n--- DATABASE CONNECTION ---")
#     print(f"HOST: {CONNECTIONS_HOST}")
#     print(f"DB: {CONNECTIONS_DB}")
#     print(f"USER: {CONNECTIONS_USER}")
#     print(f"PASS: {CONNECTIONS_PASS}")

#     print("\n--- OPENAI CONFIG ---")
#     print(f"API_KEY: {OPENAI_API_KEY}")
#     print(f"MODEL_NAME: {OPENAI_MODEL_NAME}")
#     print(f"MODEL_TURBO: {OPENAI_MODEL_TURBO}")

#     print("\n--- REDIS CONFIG ---")
#     print(f"HOST: {REDIS_HOST}")
#     print(f"PORT: {REDIS_PORT}")
#     print(f"DB: {REDIS_DB}")
#     print(f"USER: {REDIS_USER}")
#     print(f"PASSWORD: {REDIS_PASSWORD}")
#     print(f"URL: {REDIS_URL}")

#     print("\n--- QDRANT CONFIG ---")
#     print(f"HOST: {QDRANT_HOST}")
#     print(f"PORT: {QDRANT_PORT}")
#     print(f"COLLECTION: {QDRANT_COLLECTION_NAME}")
#     print(f"URL: {QDRANT_URL}")
#     print(f"API_KEY: {QDRANT_API_KEY}")

# else:
#     raise Exception("❌ Failed to retrieve or decrypt secret.")